Netgate Discussion Forum

DNS Resolver doesn't process queries through Wireguard full tunnel

DHCP and DNS
3 Posts 1 Posters 1.2k Views
    Stan
    last edited by May 3, 2022, 12:14 AM

    I’m trying to make a full tunnel work with Wireguard on pfSense and a Windows computer. The computer can access the tunnel and get to my servers using IP addresses, but not using the server FQDNs. (I’ve set them up using HAProxy with a wildcard certificate.) I can’t reach websites using domain names. In these cases the failure message is that the DNS address could not be found.
    The Netgate instructions include: " All traffic may be associated with a peer by using 0.0.0.0/0 for IPv4 or ::/0 for IPv6, but this won’t work for a tunnel with multiple peers. Only the last peer in the list will be configured properly." So I’ve removed my phone as a peer for the tunnel, but still get the same result.
    I did not create a separate interface for Wireguard. I’m using Unbound as my DNS server. The general settings for DNS Resolver do not show an interface for Wireguard. However, the “Access Lists” tab includes an entry showing the tunnel network.
    The Windows Wireguard app has the DNS server set to my pfSense interface (192.168.8.1).
    In pfSense, I’ve tried to direct all DNS queries to Unbound. I have this rule in Firewall/NAT/PortForward:
    Screenshot 2022-05-02 170251.png
    And these rules in Firewall/Rules/WireGuard:
    Screenshot 2022-05-02 170335.png
    If I disable the rules directing port 53 traffic to Unbound and use 8.8.8.8 as the DNS address in the Windows peer app, I can get to websites. And in any case, I can't get to the servers using IP addresses, just not FQDNs.
    I assume this is a problem of getting Unbound to respond to DNS queries from the remote peer, but I’m at a loss as to what else to do. Any suggestions will be appreciated.

      Stan
      last edited by May 3, 2022, 12:17 AM

      I meant: "In any case I can get to the servers using IP addresses, just not FQDNs."

        Stan
        last edited by May 9, 2022, 11:18 PM

        Solved by watching a video from Christian McDonald. The change was to the settings in the peer (client) app. I set the DNS address to the tunnel address (192.168.85.1) rather than my pfSense address.

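An added example (my own code, not from pfSense, WireGuard or the poster): a small Python checker that parses a WireGuard client config and flags the two things this thread turns on. It flags a full-tunnel config (AllowedIPs 0.0.0.0/0 or ::/0) whose DNS server lies outside the client's tunnel subnet, which is the mistake the last post reports fixing by changing DNS from the pfSense LAN address 192.168.8.1 to the tunnel address 192.168.85.1, and it flags more than one peer claiming the default route, the situation the Netgate note quoted in the first post warns about. The two embedded configs are constructed to mirror the thread: the 192.168.8.1 and 192.168.85.1 addresses come from the posts; the keys, the endpoint and the client's 192.168.85.2/24 address are placeholders I assumed. The "DNS inside the tunnel subnet" rule encodes what worked for the poster, not a rule from WireGuard or pfSense documentation.

```python
"""Check a WireGuard client config for the full-tunnel DNS problem in this thread.

Added example, not code from pfSense, WireGuard or the poster. The two configs
are constructed to mirror the thread: 192.168.8.1 is the pfSense LAN address and
192.168.85.1 the pfSense tunnel address (both from the posts). The keys, endpoint
and the client's 192.168.85.2/24 address are placeholders I assumed.
"""
import ipaddress

# Constructed: the client config as the first post describes it (DNS = LAN address).
CLIENT_CONF_BEFORE = """\
[Interface]
PrivateKey = PLACEHOLDER_NOT_A_REAL_PRIVATE_KEY=
Address = 192.168.85.2/24
DNS = 192.168.8.1

[Peer]
PublicKey = PLACEHOLDER_NOT_A_REAL_PUBLIC_KEY=
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.net:51820
"""

# Constructed: the same config with the change the last post reports fixed it.
CLIENT_CONF_AFTER = CLIENT_CONF_BEFORE.replace("DNS = 192.168.8.1", "DNS = 192.168.85.1")


def parse_wg_config(text):
    """Parse an INI-style WireGuard config into (interface_dict, [peer_dict, ...]).

    A config may hold several [Peer] sections, which configparser would merge,
    so this is a small hand-rolled parser. Keys are lower-cased; values stay strings.
    """
    interface, peers, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            if section == "interface":
                current = interface
            elif section == "peer":
                current = {}
                peers.append(current)
            else:
                raise ValueError(f"unknown section {line}")
            continue
        if current is None or "=" not in line:
            raise ValueError(f"unexpected line: {raw!r}")
        key, value = (part.strip() for part in line.split("=", 1))
        current[key.lower()] = value
    return interface, peers


def _networks(value):
    """Split a comma-separated AllowedIPs value into ip_network objects."""
    return [ipaddress.ip_network(v.strip(), strict=False) for v in value.split(",") if v.strip()]


def check_full_tunnel_dns(text):
    """Return a list of findings (an empty list means nothing to flag)."""
    interface, peers = parse_wg_config(text)
    findings = []

    dns_servers = [ipaddress.ip_address(v.strip())
                   for v in interface.get("dns", "").split(",") if v.strip()]
    addresses = [ipaddress.ip_interface(v.strip())
                 for v in interface.get("address", "").split(",") if v.strip()]
    allowed = [(i, n) for i, p in enumerate(peers) for n in _networks(p.get("allowedips", ""))]

    # The Netgate note quoted in the first post: only one peer can own 0.0.0.0/0 (or ::/0);
    # WireGuard's cryptokey routing hands the route to the last peer listed.
    default_owners = sorted({i for i, n in allowed if n.prefixlen == 0})
    if len(default_owners) > 1:
        findings.append(f"peers {default_owners} all claim a default route; only the last one wins")
    full_tunnel = bool(default_owners)

    for dns in dns_servers:
        # Queries can only ride the tunnel if some peer's AllowedIPs covers the resolver.
        if not any(dns in n for _, n in allowed):
            findings.append(f"DNS {dns} is not inside any peer's AllowedIPs, so queries bypass the tunnel")
            continue
        if not full_tunnel:
            continue
        # The change that fixed the thread: with a full tunnel, point DNS at the
        # resolver's tunnel-side address (inside the client's own tunnel subnet),
        # not at its LAN address.
        same_family = [a for a in addresses if a.version == dns.version]
        if not same_family:
            findings.append(f"no Address of the same IP family as DNS {dns}")
        elif all(a.network.prefixlen == a.network.max_prefixlen for a in same_family):
            findings.append(f"cannot tell whether DNS {dns} is the tunnel address: Address has a host prefix")
        elif not any(dns in a.network for a in same_family):
            subnets = ", ".join(str(a.network) for a in same_family)
            findings.append(f"full tunnel but DNS {dns} is outside the tunnel subnet ({subnets}); "
                            "use the resolver's tunnel address instead")
    return findings


if __name__ == "__main__":
    for label, conf in (("before", CLIENT_CONF_BEFORE), ("after", CLIENT_CONF_AFTER)):
        print(label, check_full_tunnel_dns(conf) or ["ok"])
```

Run it as-is and the "before" config produces one finding naming 192.168.8.1 and the 192.168.85.0/24 tunnel subnet, while the "after" config is clean. The checker cannot decide the subnet question when the client's Address carries a host prefix (/32 or /128), so it reports that as a separate finding rather than guessing.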
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.